Risk Register The Risk Register records details of all the risks identified which have not been eliminated and provides a mechanism for ongoing monitoring and review of the suitability of the control strategies implemented. Risks associated with activities and strategies and are identified then graded in terms of likelihood of occurring and seriousness of impact. Why would you develop a Risk Register? As a formal document, the analysis contained in a risk register can be used to document and improve workplace practices. The register can also be used to notify senior managers of emerging risk exposures that warrant immediate attention. Involving staff and other members of the community in the process of compiling a risk register is likely to encourage a high level of ownership of, and commitment to, organisational processes and activities. The process of identifying and analysing risks is part of your risk management system and should be undertaken where the controls are not obvious or a level of ongoing risk remains. Risk Registers The risk register template consists of some headings and a table that reflects the nature of the information that is to be addressed. The advantages of using a single template as a record of risk analysis, evaluation, treatment and monitoring actions is brevity and clear presentation of the logic which supports the decision making process. Where risk management treatment plans are required to be comprehensive it may be appropriate to supplement the applicable risk register entry with a separate, supporting risk treatment plan. The completed risk register should be brief and to the point, so it quickly conveys the essential information. It should be updated on a regular basis. Risk treatment actions should include such things as: Planned actions to reduce the likelihood a negative risk will occur and/or reduce the seriousness should it occur (What should you do now?) Contingency actions - planned actions to reduce the immediate seriousness of a negative risk when it does occur. (What should you do when?) Version 1, March 2009 Recovery actions - planned actions taken once a negative risk has occurred to allow you to move on. (What should you do after?) Risk Transfer (eg. Through assignment of contractual responsibilities or insurance). Eliminating risk by not undertaking a particular activity or action. Actions necessary to ensure the realisation of opportunities (positive risks) Likelihood Rankings (Positive or negative risks) As a Guide Only – Likelihood rankings should be calibrated, where necessary to ensure compliance with applicable regulations, safety standards and other tolerances that have been agreed with key activity sponsors. 1 Rare Once in 50 years/ Probability less than 2% 2 Unlikely Once in 20 years / Probability less than 5% 3 Possible Probability of 5% to 50% 4 Likely Probability 50% to 90% 5 Almost Certain Probability of 90% or more Consequence Rankings (Negative risks) Injury/illness 1 Insignificant Very minor injury or short term impact 2 Minor Minor injury likely to be restricted to an individual. 3 Moderate Injury of more than a minor nature to a few individuals, likely to result in some absence from work. 4 Major Risk event may lead to serious injury and incapacitation. 5 Catastrophic Risk event may lead to a death or total and permanent disablement to one or more individuals. Note that risk events are not exclusive to any particular category. Key risk events may need to be considered within the context of 2 or more risk categories. Version 1, March 2009 Risk Rating Grade: Combined effect of Likelihood/Seriousness As a Guide Only Consequence Rating Likelihood 1. Insignificant 2. Minor 3. Moderate 4. Major 5. Catastrophic A.. Almost Certain L M H E E B. Likely L M H E E C. Possible L L M H E D. Unlikely L L M H H E. Rare L L L M H (Adapted from AS/NZS 4360:2004, Risk Management). Recommended actions for grades of negative risk Grade Risk mitigation actions L LOW: These risks should be recorded, monitored and controlled by the responsible manager. Activities with unmitigated risks that are graded above this level should be avoided. M MEDIUM: Mitigation actions to reduce the likelihood and seriousness to be identified and appropriate actions to be identified and endorsed by a supervisor. H HIGH: If uncontrolled, a risk event at this level may have a significant impact on the safety of employees or others. Mitigating actions need to be very reliable and should be approved and monitored in an ongoing manner by managers. E EXTREME: Activities and projects with unmitigated risks at this level should be avoided or eliminated. This is because risk events graded at this level have the potential to cause serious injury. Reference: Australian, New Zealand Standard AS/NZ 4360: 2004 “Risk Management” Version 1, March 2009 SAMPLE RISK REGISTER Risk ID No. Risk Risk Rating Control strategies Residual likelihood rating (given current actions) Residual consequence rating Residual Are Review Risk mitigating date rating actions effective / efficient? Is Risk Grade Acceptable (Yes or No) 4 Version 2, April 2012